A Two-stage Flow-based Intrusion Detection Model ForNext-generation Networks

The next-generation network provides state-of-the-art access-independent services over converged mobile and fixed networks. Security in the converged network environment is a major challenge. Traditional packet and protocol-based intrusion detection techniques cannot be used in next-generation networks due to slow throughput, low accuracy and their inability to inspect encrypted payload. An alternative solution for protection of next-generation networks is to use network flow records for detection of malicious activity in the network traffic. The network flow records are independent of access networks and user applications. In this paper, we propose a two-stage flow-based intrusion detection system for next-generation networks. The first stage uses an enhanced unsupervised one-class support vector machine which separates malicious flows from normal network traffic. The second stage uses a self-organizing map which automatically groups malicious flows into different alert clusters. We validated the proposed approach on two flow-based datasets and obtained promising results

On the Feasibility of the Link Abstraction in Wireless Mesh Networks

Outdoor community mesh networks based on IEEE 802.11 have seen tremendous growth in the recent past. The current understanding is that wireless link performance in these settings is inherently unpredictable, due to multipath delay spread. Consequently, researchers have focused on developing intelligent routing techniques to achieve the best possible performance. In this paper, we are specifically interested in mesh networks in rural locations. We first present detailed measurements to show that the PHY layer in these settings is indeed stable and predictable. There is a strong correlation between the error rate and the received signal strength. We show that interference, and not multipath fading, is the primary cause of unpredictable performance. This is in sharp contrast with current widespread knowledge from prior studies. Furthermore, we corroborate our view with a fresh analysis of data presented in these prior studies. While our initial measurements focus on 802.11b, we then use two different PRY technologies as well, operating in the 2.4-GHz ISM band: 802.11g and 802.15.4. These show similar results too. Based on our results, we argue that outdoor rural mesh networks can indeed be built with the link abstraction being valid. This has several design implications, including at the MAC and routing layers, and opens up a fresh perspective on a wide range of technical issues in this domain

PIP: A Multichannel, TDMA-Based MAC for Efficient and Scalable Bulk Transfer in Sensor Networks

In this article, we consider the goal of achieving high throughput in a wireless sensor network. Our work is set in the context of those wireless sensor network applications which collect and transfer bulk data. We present PIP (Packets in Pipe), a MAC primitive for use by the transport module to achieve high throughput. PIP has a unique set of features: (a) it is a multihop connection-oriented primitive, (b) it is TDMA based, (c) it uses multiple radio channels, and (d) it is centrally controlled. This represents a significant shift from prior MAC protocols for bulk data transfer. PIP has several desirable properties: (a) its throughput degrades only slightly with increasing number of hops, (b) it is robust to variable wireless error rates, (c) it performs well even without any flow control, and (d) requires only small queue sizes to operate well. We substantiate these properties with a prototype implementation of PIP on the Tmote-Sky CC2420-based platform. PIP achieves about eleven times better throughput than the state-of-the-art prior work, over a network depth of 24 hops. We also show that PIP can be interagted with duty cycling, and that PIP can support streaming data from/to flash at little overhead